Today's digital landscape has transformed the operational accounting of financial institutions and businesses.
With news on Thursday (July 17) that the U.S. Department of the Treasury and the Financial Services Sector Coordination Council (FSSCC) have released a set of resources to share with financial services organizations on effective practices for a secure cloud adoption journey, modernizing financial workflows, processes, and payments securely and compliantly with the latest technologies is a top priority for forward-thinking organizations.
This is because organizations concerned about security in finance and payments may be reluctant to update systems they are already comfortable with, even though traditional on-premises solutions do not meet the requirements in today’s fast-moving environment, where even the smallest friction can cause customers to move their business to more streamlined offerings.
“Banks and other financial services companies know they need to adapt to new technologies, but many are unsure how to do so safely and securely,” Acting Comptroller of the Currency Michael J. Hsu said in a statement provided to PYMNTS. “Today’s publications represent an important step forward by providing a roadmap and useful resources for banks of all sizes. These documents also clarify the responsibilities of cloud computing providers to ensure a secure and resilient financial system.”
The financial sector’s ongoing shift towards cloud-native services is driven by several factors, including the need for greater flexibility, cost efficiency, enhanced security, and the ability to leverage additional advanced technologies such as artificial intelligence and machine learning.
“Our financial system is the core infrastructure of the entire economy, and it relies heavily on a handful of powerful cloud providers from big tech companies,” CFPB Director Rohit Chopra said in a statement. “Our work will help protect the financial industry from disruptions and disruptions by leveling the playing field between financial firms of all sizes and the big cloud providers.”
Read more: 2024 is the year companies will get rid of technical debt
Addressing the gaps in cloud computing adoption by the financial sector
The initiative, led by the Financial Stability Oversight Council (FSOC), aims to address several critical gaps identified in the Treasury Department’s landmark report on the financial services sector’s adoption of the cloud.
These gaps include the need for a common lexicon, enhanced information sharing, improved oversight, third-party risk management, and improved transparency and monitoring of cloud services.
To address the first challenge, the lack of a common vocabulary, the Cloud Computing Glossary, developed by the Office of the Comptroller of the Currency (OCC) and released Wednesday, provides a standardized set of terms used by cloud service providers (CSPs) and financial institutions. The foundational document aims to ensure that all stakeholders can communicate clearly and effectively, reducing misunderstandings and balancing expectations.
The new resources also include an assessment of the existing authorities that supervise cloud providers. This assessment helps financial institutions understand the regulatory landscape and ensure that their cloud strategies comply with existing legal and supervisory frameworks.
Given the significant risks associated with third-party service providers, the Financial and Insurance Services Commission has prepared a document entitled “Issues and Considerations for Cloud Computing Outsourcing in the Financial Sector”.
Read more: Recent high-profile cyber breaches highlight need for fault-resistant security
This document, created in collaboration with the American Bankers Association (ABA) and the Securities Industry and Financial Markets Association (SIFMA), provides key considerations for developing contractual provisions between financial institutions and telecommunications service providers. These provisions address cybersecurity, resiliency, third-party due diligence, and compliance with regulatory expectations.
“These documents represent an important step forward in CESG’s efforts to make the cloud more secure and resilient inside and outside the financial services industry,” said Bill Demchak, chairman and CEO of PNC Financial Services Group, in a joint statement with PYMNTS. “The strong partnership between public and private sector leaders allows us to take a more comprehensive and collaborative approach to defending against advanced threats.”
PYMNTS has been tracking the rapidly evolving cyber threat landscape, as evidenced by the number of attacks this summer, including a “significant amount of data” stolen last month from at least 165 customers of multi-cloud data storage platform Snowflake — including the theft of personal information from “nearly all” AT&T wireless customers.
See also: The cost of traditional payments in light of the return on investment in innovation
Ensure security and flexibility while unleashing more innovation.
Newly published resources include the Transparency and Oversight for Better Secure Design document, created by the FSSCC Transparency and Oversight for Secure Design workstream and the Financial Services Information Sharing and Analysis Center (FS-ISAC), which addresses service transparency, architecture best practices, and resilience management for communications service providers.
The document proposes basic security configurations that simplify the deployment of secure CSP workloads, making it easier for financial institutions to implement secure infrastructure with minimal engineering.
Together, the resources published by the Treasury Department and the FSC represent significant progress in guiding financial institutions through the complexities of secure cloud adoption, providing a robust framework for financial institutions to adopt cloud technologies securely and effectively.
After all, as experts have repeatedly told PYMNTS in our “What’s Next in Payments” series, the future of banking is set to be transformative—and increasingly defined by digital transformations, fintech collaborations, and open banking opportunities.
This is why modernization, ultimately, is not just a technological upgrade; it is a strategic imperative driven by the need to meet the emerging dynamic expectations of end customers.
